Cloud Certification for Government Operations

August 13, 2013

In the cloud services for critical infrastructure is getting more transparent to end users. Jim Reavis, co-founder and executive director of the Cloud Security Alliance (CSA), says that "transparency has always been a significant part of the CSA's vision, and today this objective is more critical than ever." Photo courtesy of the Zalud Report

The Cloud Security Alliance (CSA) announced in late July a number of milestones in its continued efforts to spearhead global transparency for cloud services. Over 30 entries, from major cloud providers, have been made to its Security, Trust and Assurance Registry (STAR). Later this fall, the CSA, along with the BSI (British Standards Institution), will unveil details of the STAR certification effort.

"With over 48,000 individual members, and 70 chapters globally, the CSA has become the global authoritative source for trust in the cloud," contends Dave Cullinane, chairman of the CSA Board of Directors. "As we look to the future, we believe that enabling assurance in a global compute utility is one of the greatest challenges facing the industry, if we want cloud computing to meet its potential. As a result, we continue to focus our efforts on enabling transparency among cloud providers, for the benefit of consumers around the world."

In late 2011, the CSA introduced STAR, a first step in improving transparency and assurance in the cloud. Major cloud players include Amazon Web Services, Box.com, HP, Microsoft, Ping Identity, Red Hat, Skyhigh Networks, Symantec and Terremark, who submitted entries into the registry.

CSA also has published results of its recent survey on government access to information. The survey received almost 500 responses from CSA members around the world. It found that 56 percent of non-U.S. residents were now less likely to use U.S.-based cloud providers, in light of recent revelations about government access to customer information. An overwhelming 90 percent of respondents said that companies which have been subpoenaed through provisions of the U.S. Patriot Act should be able to publish summary information about the amount of responses they have made. Full results of the survey can be found at https://cloudsecurityalliance.org/research/surveys/#_nsa_prism.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.